Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
TrafficScript rule to protect against "Shellshock" bash vulnerability (CVE-2014-6271)
The following TrafficScript rule rejects requests attempting to exploit the recently discovered vulnerability in bash (CVE-2014-6271, processing of trailing strings after function definitions in the values of environment variables):
# the most likely attack is via http headers as they become env variables
The rule above can be used to protect a web application that executes a vulnerable version of the bash command interpreter, like cgi- or fcgi-based applications.
Since the SteelApp Web UI is such an application itself, it is also vulnerable if the software is running in an environment where "/bin/sh" is a vulnerable version of bash (this might be the case if you have installed SteelApp on Linux, but is *NOT* the case if you are running the Riverbed provided Virtual Appliances). The rule above can of course be used to secure SteelApp's administration server as well.
To do that, you have to change the admin server's port to, for example, 9091, restrict its listening socket to localhost, and create a loopback virtual server on port 9090 that uses the above rule. This loopback virtual server's default pool has to be ssl-encrypting and must have node localhost:9091.
SteelApp Web App Firewall already has an updated baseline that detects the attack on bash, so if your web application is secured by SteelApp Web App Firewall you only need to install the baseline update.